Mucomplex Diary

A cyber security enthusiasm. Learning is my passion. Currently working as Security Consultant at Firmus sdn bhd. I had experience in the penetration testing and reverse engineering skills. I am doing penetration testing for the web penetration testing and vulnerability assessment on servers and other infrastructure.

View on GitHub

Journey to become offensive Security Expert

Date : 09 Oct 2019

Author: mucomplex

Hi guys, today I want to share with you my way on how to become an offensive security expert.

The first things that newcomers will ask “do I need OSCP, OSCE, OSWE, OSEE, GPEN, CISSP to be hired and become an expert in this industry?”.Calm down, are you sure want to get into this industry?. If yes, let me show you initial foothold, there is no right or wrong. I assume you have some basic knowledge about computer.

First thing that you need is to develop creative thinking by learning simple coding. such as HTML, most of it is all about pattern. for example:
<html>
</html>
There is a different way to define HTML code. this might be your first code writing. :D

https://www.w3schools.com/html/

Then, have you ever explore file directory in window?. If not, you should. For example, during my young age, I try to copy games that installed on cyber cafe into my diskette, 500MB game into 2.5mb diskette. I just copy the shortcut icon into my diskette and hopefully, I can play it at home. Funny right? :D . It is still an experience. After that, I finally figure out commonly window folder is placed under “C:” drive when you open “My Computer” which renamed now as “This PC”

https://www.wikihow.com/Navigate-the-Windows-Directory
It said that you should not touch, but why not?. :D .
https://www.makeuseof.com/tag/default-windows-files-folders/

Now let us going bit deep, the first programming language that I learn is C++, where I’m obsessed with MMORPG game called “Ragnarok Online”, where the emulator release in C++ language.

https://rathena.org/

Some people might say that, why not learn scripting language such as Python, Ruby, Perl?. My reason is, C++ programming is bit complex where you need to defined data type, proper implementation of string, integer, array, etc. I bet that you will learn what is Byte, Word, Dword and Qword here. ;) . On this time, might come in mind how to store sets of programming data in computer?.should I store it in plain text on Notepad?. No, you surely will explore the technology that can store data such as (MySQL, MSSQL, Postgres, etc). Now you have some basic knowledge about programming syntax and pattern.

https://www.tutorialspoint.com/mysql/index.htm
https://www.tutorialspoint.com/cplusplus/index.htm

Next, I assume you have a better understanding of programming language, database management and window file directory. It is time for you to explore other people code, learn as much different programming language as you can, try different kind of tools, join community either forum, Reddit, Stack Overflow on the area you interested.

https://www.reddit.com/
https://stackoverflow.com/

You are ready for it, where you need to explore the Linux operating system. I suggest some good book and challenge here, take a look. I bet this book have better explaination than my own. :D

https://cmdchallenge.com/

Linux Basics for Hacker

This might be your first introduction to the proper hacking methodology, why I suggest this book?, It amazing and not overwhelming to understand. You will be exposed to service, protocol, web server, etc. You also will be taught to write a good report here.

Ethical Hacking and Penetration Testing Guide

Once complete, This place where spend most of your time and do some research.

https://overthewire.org/wargames/
https://www.hackthissite.org/
https://www.root-me.org/?lang=en
https://www.vulnhub.com/
https://www.hackthebox.eu/login
https://pentesterlab.com/

you are ready for OSCP and other hands-on certification, yey!. many people write about their experience of taking this exam. You need to get some feel, try to imagine it. :D

Once you pass, I guarantee that you have good skill enough to co-op with industry requirement. This might be the ending of our journey? Not yet!. It just beginning after all the thing that have we going through. Now you need to choose which area you want to be good at. Some options that I can suggest but three of the lists below is my expertise.

Malware Analysis:
Learning Malware Analysis

Exploit Development:
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

Web Exploitation:
https://www.ripstech.com/

For now I will stop it here, example link,pdf,etc that I share is some of it,but it will lead you to other knowledge that you need to know. Wait for part 2, stay tuned. :D